PT-2023-21563 · Unknown · Go-Used-Util
Cokebeer · Published 2023-03-16 · Updated 2023-08-23 · CVE-2023-28105
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
Name of the Vulnerable Software and Affected Versions
go-used-util versions prior to 0.0.34
Description
The issue is a ZipSlip problem that occurs when using the fsutil package to unzip files. It can lead to path traversal when users call zip.Unzip on zip files supplied by a malicious attacker.
Recommendations
For versions prior to 0.0.34, upgrade to version 0.0.34 or above to fix the issue. As a temporary workaround, consider avoiding the use of the zip.Unzip function from the github.com/dablelv/go-huge-util/zip package until the upgrade is applied.
Exploit
Fix
Path traversal
Affected Products
Go-Used-Util